Intrusion Alert Analysis Based on PCA and the LVQ Neural Network
We present a PCA-LVQ method and a balanced-training method for efficient intrusion alert clustering. Starting from the network connection records of the raw 1999 DARPA intrusion dataset, we first obtain a purified, dimension-reduced dataset through Principal Component Analysis (PCA). We then apply a Learning Vector Quantization (LVQ) neural network to cluster the intrusion alerts in the purified dataset. To the best of our knowledge, this is the first attempt to use the LVQ neural network and the PCA-LVQ model for intrusion alert clustering. The experimental results show that the PCA-LVQ model and the balanced-training method are effective: the time cost can be shortened by about three times and the detection accuracy raised to a higher level; in particular, the clustering accuracy of the U2R and R2L alerts can be increased dramatically.
Keywords: Intrusion Detection; Intrusion Detection System; Attack Type; Learning Vector Quantization; Processor Cost
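The LVQ stage and the balanced-training idea from the abstract, as an added example that is not the paper's own code: it assumes PCA has already been applied, so the input is a constructed set of 2-D feature vectors with one deliberately scarce class standing in for U2R/R2L alerts, and it trains a one-codebook-vector-per-class LVQ1 on a class-balanced resample of that data.

```python
import random
from collections import defaultdict

# Constructed sample: 2-D feature vectors standing in for PCA-reduced connection
# records, labelled by alert class; "u2r" is deliberately scarce, as U2R/R2L are.
def make_dataset(seed=1):
    rng = random.Random(seed)
    centres = {"normal": (0.0, 0.0), "dos": (4.0, 0.0), "u2r": (0.0, 4.0)}
    counts = {"normal": 200, "dos": 200, "u2r": 8}
    data = []
    for label, (cx, cy) in centres.items():
        for _ in range(counts[label]):
            data.append(((cx + rng.gauss(0, 0.7), cy + rng.gauss(0, 0.7)), label))
    return data

def balance(data, per_class, seed=1):
    """Balanced training set: the same number of records from every class,
    resampling the rare classes so they are not drowned out by the common ones."""
    rng = random.Random(seed)
    by_class = defaultdict(list)
    for x, y in data:
        by_class[y].append((x, y))
    out = [rng.choice(rows) for rows in by_class.values() for _ in range(per_class)]
    rng.shuffle(out)
    return out

def nearest(codebook, x):
    """Label of the codebook vector closest (squared Euclidean distance) to x."""
    return min(codebook, key=lambda y: sum((a - b) ** 2 for a, b in zip(codebook[y], x)))

def train_lvq1(data, epochs=20, alpha=0.1):
    """LVQ1 with one codebook vector per class: the winning vector moves towards
    an input it classifies correctly and away from one it misclassifies."""
    labels = sorted({y for _, y in data})
    codebook = {y: list(next(x for x, l in data if l == y)) for y in labels}
    for epoch in range(epochs):
        lr = alpha * (1.0 - epoch / epochs)  # linearly decaying learning rate
        for x, y in data:
            win = nearest(codebook, x)
            sign = 1.0 if win == y else -1.0
            w = codebook[win]
            for i in range(len(w)):
                w[i] += sign * lr * (x[i] - w[i])
    return codebook

def per_class_accuracy(codebook, data):
    """Accuracy per alert class, which is what exposes poor handling of rare classes."""
    hit, total = defaultdict(int), defaultdict(int)
    for x, y in data:
        total[y] += 1
        hit[y] += nearest(codebook, x) == y
    return {y: hit[y] / total[y] for y in total}
```

Per-class accuracy, rather than overall accuracy, is the measure to watch: an overall figure is dominated by the large classes and hides how the scarce class is being clustered.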